ci: add CodeQL, Safety CVE scan, and Bandit rules to CI #883
raajheshkannaa wants to merge 2 commits into
Conversation
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Pull Request Test Coverage Report for Build 16610817334
💛 - Coveralls
fdcdde5 to 8b25f29
I don't see the point in adding these duplicative features, and it increases CI run times, consuming more electricity, without need. I could be wrong, and if so, there needs to be a good explanation for why this is needed, especially since it is a product from the contributor's employer. It's irresponsible not to disclose that up front, too.
@stevepiercy Thanks for taking the time to review this. I understand the extra checks don’t fit the project’s current CI goals, so I’m withdrawing the proposal. (For clarity: the defensive-works org on my fork is just my personal namespace—there’s no company or product endorsement involved.) Appreciate the quick feedback, and best of luck with the next release! (Closing this PR to avoid further noise.)
Why
--select B) were not enabled.

What’s in this PR

• .github/workflows/codeql.yml
• .github/workflows/ruff.yml
• Bandit rules via ruff --select B
• Safety CVE scan job (uploads report artifact)
Impact
Happy to maintain these security workflows going forward—feedback welcome!